ThreatTrack VIPRE® detects and removes software programs that are potentially
unwanted by VIPRE® customers. Broadly, these programs include a range of
types of software that incorporate behavior or functionality that, as a result
of user feedback and the analysis of the ThreatTrack Malware Research Team, we know
our customers may find potentially objectionable.

Defining what is "potentially unwanted" involves a combination of objective and
subjective analysis. Since ThreatTrack sells VIPRE® to both enterprise and home
environments (hence, addressing markets that overlap, but may have different
needs), a broad range of criteria are used to define what may not be wanted on
a system by the end user or system administrator.

Often, a product may be listed in the VIPRE® database that would be
considered innocuous but should be known to the user. For example, many remote
control applications are listed in the VIPRE® database. While remote control
programs are almost always used for legitimate purposes, there are genuine nefarious
uses for remote control programs, such as spying on passwords and stealing credit
card information. These types of applications are made known to the user, but
are listed with the default action of "Ignore".

Potentially Unwanted Installations are defined as software that engages in any
of the following objectionable practices:

Distribution & Installation

Installation processes used to deliver software to users' PCs become
objectionable when the software...

installs via automated installation processes (e.g., for ActiveX controls)
initiated by or at third-party web sites when the software is not functionally
required to view the content of those third-party sites and is not directly and
specifically solicited by users

installs as part of a package or collection of multiple "adware" (advertising)
programs, "malware" programs, or other similar programs that are not directly
and explicitly requested by the user

is bundled with a functionally unrelated, separate host application actually
sought by users (i.e., as an "adware" bundle) and installs without first
providing sufficient notice and choice to users and without securing their
full, meaningful, and informed consent

"stealth installs" or "force installs" on users' PCs without first providing
any notice or warning to users prior to installation and without having secured
their full, meaningful, and informed consent

installs on users' PCs after providing only substandard, inadequate notice and
disclosure, and thus failing to secure users' full, meaningful, and informed
consent

installs via a security exploit or vulnerability

uses malware to install or facilitate installation

is installed via a virus, worm, trojan horse, malicious bot, rootkit, or other
malware program

is installed via an auto-updater or similar mechanism for a different,
functionally separate program without first providing sufficient notice and
choice to users and without securing their full, meaningful, and informed
consent

is installed by another functionally separate "adware" program, "malware"
program, or similar program without first providing sufficient notice and
choice to users and without securing their full, meaningful, and informed
consent

is installed via a hosted instance of Internet Explorer launched by Windows
Media Player and the purpose of the installation is anything other than
acquiring a license for DRM-protected content that users are attempting to play
or access

consists of advertising components and is installed at or through web sites
designed for, targeted at, or heavily used by children 13 and under

uses false, misleading, confusing, deceptive, or coercive text or graphics to
induce, compel, or cause users to install the software

uses other installation methods or techniques that most reasonable persons
would find objectionable, unfair, misleading, deceptive, or coercive

Advertising

Software that displays advertising becomes objectionable when that advertising
software...

creates, generates, opens, injects, displays, or embeds third-party advertising
(e.g., banners, pop-ups, pop-unders, sliders, text-based ads, etc. not native to
the web sites visited by users) on the desktop, in web browsers, or within elements
of the operating system or other applications

displays third-party advertising within that software's own window or graphical context
without first providing sufficient notice and choice to users and securing their full,
meaningful, and informed consent, and without offering users a means for permanently
removing or opting out of the advertising (with the proviso that the software's own
window or context cannot be the desktop itself or a web browser)

displays, opens, or embeds advertising on the user's desktop or within other
programs that is false, deceptive, misleading, or coercive

opens advertising windows that are not clearly and conspicuously labeled as
originating from the software company itself (to distinguish those ads from
normal advertising windows spawned by web sites encountered during normal web
surfing) or that provide no mechanism (e.g., a hyperlink) to allow users to get
more information about the origin and nature of the advertising as well as how
to remove it

opens advertising windows that are not closeable through normal means or that
spawn multiple other advertising windows when closed

modifies, obscures, or blocks content of viewed web pages "on the fly" for
commercial purposes without first providing sufficient notice and choice to
users and without securing their full, meaningful, and informed consent

fraudulently interferes with online commercial transactions

displays, opens, or embeds advertising using other methods or means that most
reasonable persons would find objectionable, unfair, misleading, deceptive, or
coercive

System Reconfiguration

reconfigures the user's browser home page, search settings, or other
user-selectable browser preferences without first providing sufficient notice
and choice to users and without securing their full, meaningful, and informed
consent

reconfigures the user's browser home page, search settings, or other
user-selectable browser preferences and/or prevents users from restoring their
preferences

installs new advertising-related add-ons (e.g., toolbars, searchbars, et al) to
browser and/or desktop without first providing sufficient notice and choice to
users and without securing their full, meaningful, and informed consent

maliciously modifies or deletes the HOSTS file without first providing
sufficient notice and choice to users and without securing their full,
meaningful, and informed consent

maliciously modifies or deletes other system configuration files without first
providing sufficient notice and choice to users and without securing their
full, meaningful, and informed consent

configures advertising-related programs to start automatically with the
operating system without first providing sufficient notice and choice to users
and without securing their full, meaningful, and informed consent

inserts advertising-related programs into the Winsock Layered Service Provider
chain without first providing sufficient notice and choice to users and without
securing their full, meaningful, and informed consent

reconfigures or modifies users' browser and/or TCP/IP network settings to
automatically direct or route users' Internet traffic to or through a remote
host other than the user's default ISP without first providing sufficient
notice and choice to users and without securing their full, meaningful, and
informed consent

reconfigures or modifies users' browser and/or TCP/IP network settings to
automatically direct or route user's internet traffic to or through a local
host for the purposes of advertising and marketing without first providing
sufficient notice and choice to users and without securing their full,
meaningful, and informed consent

redirects, modifies, interferes with, or blocks users' preferred browsing
destinations and searches without first providing sufficient notice and choice
to users and without securing their full, meaningful, and informed consent

reconfigures PCs' dial-up networking settings so as to cause those PCs to
establish phone connections to premium rate phone numbers without first
providing sufficient notice and choice to users and without securing their
full, meaningful, and informed consent

deliberately blocks network access from the PC to internet sites of recognized
"anti-malware" or "anti-malware" software or service providers, both commercial
and non-commercial

passively conceals its presence on PCs by failing to provide users with any
clear and conspicuous indication of its execution

actively conceals its presence on PCs by employing functionality designed to
hide the program from normal means and methods for observing and detecting
programs and components

reconfigures, modifies, or blocks privacy and security programs (e.g.,
"anti-malware" programs, "anti-malware" programs, firewalls) to disable,
cripple, impede, or bypass those privacy and security programs without first
providing sufficient notice and choice to users and without securing their
full, meaningful, and informed consent

maliciously reconfigures other programs or system settings so as to lower
security of individual programs or the system as a whole

installs or uses an auto-updater or similar mechanism without providing a
readily accessible means for users to configure or disable that auto-update
mechanism

installs or uninstalls other, functionally separate programs without first
providing sufficient notice and choice to users and without securing their
full, meaningful, and informed consent

reconfigures users' PCs and software in other ways that most reasonable persons
would find objectionable, unfair, misleading, deceptive, or coercive

Data Collection, Transmission, & Sharing

Software that collects information from and about users as well as other
sensitive, confidential information from their systems becomes objectionable
and privacy-invasive when that software...

collects Personally Identifiable Information from users or their PCs and
transmits that information over a network connection without first providing
sufficient notice and choice to users and without securing their full,
meaningful, and informed consent

collects and transmits data regarding user's internet connection, viewing, and
communication habits and behavior for the purposes of advertising and marketing
without first providing sufficient notice and choice to users and without
securing their full, meaningful, and informed consent

collects and transmits other potentially sensitive or confidential data from
users' PCs and network traffic without first providing sufficient notice and
choice to users and without securing their full, meaningful, and informed
consent

consists of third-party cookie data set by web sites or servers that are part
of third-party advertising, marketing, or metrics/measurement networks for the
purposes of tracking and monitoring the surfing behavior, habits, and history
of users across unrelated web sites.

Company or Entity responsible for the software provides or sells data collected
from users and PCs in non-aggregate form to third-parties without first
providing sufficient notice and choice to users and without securing their
full, meaningful, and informed consent

collects and transmits data of such a kind and in such a way that most
reasonable persons would find such practices objectionable, unfair, misleading,
deceptive, or coercive

Uninstallation

Software should provide a locally installed, readily accessible, fully
functional uninstallation mechanism that performs a reasonably clean and
complete removal of the software from users' systems. Moreover, software should
not resist detection and removal by anti-malware utilities in any way. The
software's uninstallation functionality is inadequate when the software...

installs no readily accessible, easily usable, fully functional uninstallation
program or equivalent mechanism (i.e., an "uninstaller") to users' PCs during
installation of the software itself

uses an uninstaller accessible or usable only from web site and/or that
requires a network connection to access and use

uses an uninstaller that leaves significant executable remnants on users' PCs
that either reinstall the software or install new software without first
providing sufficient notice and choice to users and without securing their
full, meaningful, and informed consent

uses an uninstaller that falsely and deceptively claims to have performed a
reasonably complete removal of the software from users' PCs

uses an uninstaller that reinstalls the application or a modified variant, or
that installs other software on users' systems without first providing
sufficient notice and choice to users and without securing their full,
meaningful, and informed consent

when bundled with a functionally unrelated, separate host application (i.e., as
an "adware" bundle), does not automatically uninstall when the host application
is uninstalled

uses an uninstaller that badgers, coerces, or tricks the user into refusing or
canceling the uninstallation

uses an uninstaller that conditions uninstallation on the acceptance of terms
that most reasonable persons would find objectionable, onerous, or outrageous

performs or resists uninstallation in such a way that most reasonable persons
would find the program's behavior objectionable, unfair, misleading, deceptive,
or coercive

Potentially Dangerous Tools

Some system tools and utilities may have legitimate, non-malicious uses. These
system tools and utilities become potentially dangerous when they can be
installed without the full knowledge and permission of users or administrators
and they can be used to...

monitor, capture, modify, or interfere with network data traffic on PCs or
networks for malicious purposes

remotely administer, control, or use PCs for malicious purposes

capture or recover passwords, PINs, or other authentication data for malicious
purposes

monitor or capture keystrokes or other user activity on PCs for malicious
purposes

monitor, capture, or recover other potentially sensitive data from PCs for
malicious purposes

Software should not consist of malware itself, install malware on users' PCs,
or facilitate the installation of malware on users' PCs. Software becomes
objectionable when it...

installs worms or trojans horses on users' PCs

installs virus-infected files on users' PCs

installs backdoors, rootkits, or malicious bots on users' PCs

installs spam bots, zombie programs, or other remotely controllable tools, such
as those that enable PCs to participate in coordinated Distributed Denial of
Service attacks

infects files or the PC's file system with a virus

deliberately and maliciously deletes or corrupts critical system files or other
valuable data on or transmitted from users' PCs

is itself a virus, worm, or trojan horse

is itself a backdoor, rootkit, or malicious bot

is itself a remote administration tool that is designed to be installed without
the PC administrator's full knowledge and consent and which is designed to hide
its presence from the administrator for potentially malicious purposes

installs or is itself any form of software that recognized security experts
regard as malware

Notice, Disclosure, Choice, & Consent

Prior to installation, software should provide clear, conspicuous notice and
disclosure to users both of the installation of the software as well as key
functionality of the software. It should also offer users the clear,
conspicuous, and usable choice of canceling the installation and/or opting out
of objectionable provisions. Only software that offers clear, conspicuous
notice, disclosure, and choice during installation can be said to gain the
full, meaningful, informed consent of users. Clear, conspicuous notice,
disclosure, and choice is not provided, nor is the full, meaningful, informed
consent of users secured when the software:

provides no clear, conspicuous, meaningful notice to users of installation of
software

does not offer users a clear, conspicuous, usable choice to cancel or opt out
of installation through normal means

disregards, thwarts, blocks, or impedes users' choice to cancel or opt out of
installation

lacks an End User License Agreement and Privacy Policy that is readily
accessible before or during installation

discloses key terms related to advertising, system reconfiguration, and data
collection / transmission practices only in an End User License Agreement
(EULA) or Privacy Policy or in locations and documents that users are not
likely to read during the installation of the software

fails to clearly, conspicuously, and meaningfully disclose key software
functionality and behavior that are otherwise remarkable, onerous, or
potentially objectionable

discloses key software functionality and behavior that is otherwise remarkable,
onerous, or potentially objectionable only in EULA or Privacy Policy or in
locations and documents that users are not likely to read during the
installation of the software

discloses key license terms and software functionality in language that is not
simple, plain, straightforward, direct, unvarnished, and free of euphemisms

uses textual and/or graphical design elements to obscure or hide, either
partially or completely, key textual information designed to provide notice and
disclosure to users

uses false, misleading, confusing, deceptive, or coercive text or graphics to
induce, compel, or cause users to install the software

provides or uses false, deceptive, or misleading information about key license
terms, software functionality, or the identity of Company or Entity responsible
for the software in Privacy Policy, EULA, pop-up windows, browser windows,
dialog boxes, or any other document that might be viewed by users during
installation

uses a EULA or Privacy Policy that includes license terms that are designed to
prevent users from using third-party privacy and security programs (e.g.,
"anti-malware" programs) to control, configure, block, or
remove the software from users' PCs

uses license terms that require users to consent to future unsolicited updates
or upgrades, future unsolicited installation of other software, or future
unsolicited uninstallation of other software without providing a clear,
conspicuous, readily accessible and usable means for the user to cancel,
refuse, or opt-out of such updates, upgrades, installations, and removals

uses a EULA or Privacy Policy that requires users to consent to the terms of
EULAs and/or Privacy Policies from other companies that supply "adware,"
"malware," or similar software

conditions use of the software on other license terms that most reasonable
persons would find unfair, onerous, objectionable, or outrageous

provides notice, disclosure, and choice of such a kind and in such a way that
most reasonable persons would find that notice, disclosure, and choice to be
inadequate, objectionable, unfair, misleading, deceptive, or coercive

ThreatTrack VIPRE® will detect software that engages in any single one of the
objectionable practices listed above and present that potentially unwanted
software to users and administrators for possible removal. Although ThreatTrack
Security does consult and review the opinions and judgments of respected
industry experts and leaders regarding the software it considers for detection
by VIPRE®, ThreatTrack is not obligated to agree with those other viewpoints,
nor is ThreatTrack obligated to recognize and respect third-party seals, logos,
certifications, or classifications of any kind. As ThreatTrack's primary obligation
is to its own customers, ThreatTrack is bound to make its own independent decisions
about software detected by VIPRE®. At its sole discretion, ThreatTrack may
elect to exclude software from detection based on the assessed needs,
preferences, or requirements of customers. ThreatTrack Security assesses the
"threat" posed by potentially unwanted software and may, depending on the
established "threat level," adjust the "Recommended Action" presented to
VIPRE® users and administrators from "Delete" or "Quarantine" to "Ignore"
or "Report Only." The final decision to remove software, however, is always
made by users and administrators.

This document has been a collaborative effort between Eric L. Howes and ThreatTrack Security.
To contact the ThreatTrack Malware Research Team, please go to the
contact us page.

Last update: March 20, 2015

Note: ThreatTrack Security reserves the right to change these criteria without notice.